Folks -
Since the weekend is over I've decided to release what I got so far and
consequently I'm happy to announce the availability of a new interface
to the platform SSL/TLS facilities for Squeak. SqueakSSL is a
plugin-based approach which utilizes the platform implementation;
currently the SCHANNEL SSPI on Windows and OpenSSL on Unix.
To use SqueakSSL you need the following pieces:
1) The plugin for your platform. For Windows, you can download the
plugin from
http://squeakvm.org/win32/release/SqueakSSL.zipFor Unix you'll have to compile your own; I'm attaching the relevant
part of the platforms tree. Mac support is currently not provided but
the OpenSSL based version can probably be adapted for Macs.
2) The SqueakSSL source code and tests. All of this can be found at
http://www.squeaksource.com/SqueakSSL.htmlYou need SqueakSSL-Core for the code and SqueakSSL-Tests for the unit
tests (SqueakSSL-Plugin is the plugin source which you don't need and
which we'll probably push into VMMaker).
Once you've downloaded and installed everything correctly, you should be
able to try SqueakSSL via the google example, which makes a query to
encrypted.google.com:
SqueakSSL google: 'Squeak'.
If the query fails your plugin is probably not installed correctly (it
seems unlikely that Google's cert has an issue :-)
3) For further tests (incl. the unit tests) you will need to provide a
server certificate that can be used by SqueakSSL. On Unix you can do
that using the openssl command line tools and once you've generated your
cert, you can tell SqueakSSLTest to use the cert. On Windows the process
is a bit more involved - you need to have a valid cert AND have it
installed in the local certificate store (a description can be found at
http://support.microsoft.com/kb/816794 but make sure you install it in
your *user* account not the computer account). Once you have the cert
installed, you can run the unit tests which should now succeed.
Obviously, this is an early release and there's plenty of work that
remains to be done, so help is welcome. However, it is starting to
become useful and consequently I'm intending to update WebServer and
WebClient soon for HTTPS support.
Cheers,
- Andreas